CVE-2024-34401

Name of the Vulnerable Software and Affected Versions Savsoft Quiz version 6.0

Description The issue allows stored XSS via the quiz name parameter in the "index.php/quiz/insert quiz/" endpoint. This enables potential attackers to inject malicious scripts into the application.

Recommendations For Savsoft Quiz version 6.0, as a temporary workaround, consider restricting access to the index.php/quiz/insert quiz/ endpoint until a patch is available. Avoid using the quiz name parameter in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.